iptables question

Stuart Jansen wrote:
> On Mon, 2008-11-03 at 20:39 -0700, Mike Lovell wrote:
>>> As for the suggestion to reinstall the OS, I'm not entirely sure how to
>> go about that. The machine is a Linksys NSLU2 that I hacked and loaded
>> Debian on. Things were touchy getting it installed so I'd rather try
>> other solutions first. Thanks though.
>>>> I was referring to the compromised file server. Surely that isn't a
> linksys.
>> As for your firewall problem, it's hard to debug a firewall without
> looking at _all_ rules. If you're comfortable giving us the entire rule
> set, run "iptables-save" and send us the output.
Actually, the file server is another Linksys box. The NSLU2 is a neat
little box that Linksys released a couple years ago. It has two USB 2.0
ports and an Ethernet port. It is meant to share a USB drive on a
network. Like many Linksys devices from the past, it was very hackable.
I hooked up spare hard drive, installed Debian, set up a file share, and
looked up two USB printers. It was worked relatively well for my parents
and at the time was only $90. Good stuff.
After taking some time looking at the extra stuff that OpenWRT does, I
found that in the middle of the FORWARD table, they redirect over to a
new table called forwarding_rule. I was appending a rule to the end of
FORWARD and nothing was ever getting there. I added some explicit
accepts to the forwarding_rule table followed by a REJECT for everything
else. And it appears to be working. I can do aptitude update and
aptitude is able to pull the package lists but if I use links to go to
google.com, I get a connection refused. So for anyone who wants to do
something similar on a Linksys running OpenWRT, add your rules to
forwarding_rule and not FORWARD.
Thanks everyone for the input.
Mike